The GDPR data privacy principles: universally relevant
Sumant Pal
Strategic Advisor | GTM, Customer Success, Data Governance | Value Realization, Consulting
The European Union (EU) General Data Protection Regulation (GDPR) went into effect in 2018, establishing an innovative, comprehensive framework for safeguarding data privacy. Widely regarded as the most robust privacy legislation currently in force, the GDPR empowers EU residents to govern the collection and utilization of their personal information by organizations.? Article 5 of the GDPR lays out the data privacy principles - these have had a significant impact globally, influencing data protection laws and practices in other regions. The data privacy laws in non-EU European countries (e.g., UK, Norway, Switzerland), Asia (e.g., Japan, S Korea), Africa (e.g., Ghana, Nigeria) and South America (e.g., Brazil, Argentina) are among the ones that are based on the GDPR.
Let’s review the principles:
1. Lawfulness, Fairness and Transparency:
Lawfulness requires that the processing of personal data must have a legal basis under the GDPR, such as consent, contractual necessity, compliance with legal obligations, protection of vital interests, performance of a task carried out in the public interest.
Fairness means the data processing should not cause individuals unjust harm. Also, individuals have the right to expect that their data will be handled in a reasonable and responsible manner.
Transparency requires that organizations processing personal data provide clear and easily understandable information to individuals about how their data is being processed.
2. Purpose Limitation
This stipulates that personal data should be collected for specified, explicit, and legitimate purposes and should not be used for any other purpose.
3. Data Minimization
This requires organizations to limit the collection, processing, and retention of personal data to only what is necessary for the specified purposes.
领英推荐
4. Accuracy
This requires the data stored to be accurate and where necessary kept up to date. Inaccurate data must be updated or deleted. This has implications for data subject access rights.
5. Storage Limitation
This requires organizations to store personal data for no longer than is necessary for the purposes for which the data was originally collected or processed. Organizations need to set up procedures for regular review and purging of personal data.
6. Integrity and Confidentiality
The Integrity principle requires that personal data stored by organizations is accurate and has not been corrupted or altered. This includes implementing measures to prevent accidental or deliberate data loss, destruction, or alteration.
Confidentiality means that personal data should only be accessed and processed by authorized individuals for legitimate purposes. Appropriate measures to prevent unauthorized access, disclosure, or sharing of personal data must be in place.
7. Accountability
Accountability is a key principle that emphasizes the responsibility of organizations to demonstrate compliance with the GDPR's data protection requirements, e.g., by proactively putting in place data protection policies and procedures.
Now, you see why these principles are regarded as universal - they prioritize fundamental rights and principles that are broadly applicable across different legal systems and cultures. Check out more information from the IAPP on GDPR at https://iapp.org/resources/topics/eu-gdpr/
#GDPR #AI #data protection